A Simple 3 Step Guide to Cross-Account Access in AWS
Consider a scenario: you have 2 AWS accounts, dev & prod, and you need an IAM user in dev to be able to access resources in prod. This article explains a simple 3-step approach to accomplishing this.
Step 1: Create an IAM Role in Prod
Log in to prod as a privileged user & create an IAM role with the permissions that the dev user should have when they assume this role.
Step 2: Allow Dev User to Assume the Prod Role
Next, log out of prod, log in to dev as a privileged user & apply an inline policy to the IAM user that should be able to access prod resources.
Provide the ARN of the prod role in the resources section of the policy.
Step 3: Switch Role from Dev to Prod
Next, log out, log in to dev as the IAM user & switch role to start accessing prod resources.
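The three steps above expressed as policy documents, as an added example that is not part of the original article. It builds the trust policy that the prod role carries (step 1), the inline policy for the dev user (step 2) and the console switch-role link (step 3), then reviews the pair for grants that are broader than intended. The account IDs, user name and role name are constructed placeholders.

```python
import json

# Constructed placeholders (assumptions, not values from the article).
DEV_ACCOUNT, PROD_ACCOUNT = "111111111111", "222222222222"
DEV_USER, PROD_ROLE = "dev-user", "prod-access-role"  # hypothetical names
ROLE_ARN = f"arn:aws:iam::{PROD_ACCOUNT}:role/{PROD_ROLE}"

def trust_policy(principal):
    """Step 1: trust policy on the prod role, naming who may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principal},
        "Action": "sts:AssumeRole"}]}

def user_inline_policy(resource):
    """Step 2: inline policy on the dev user; Resource is the prod role ARN."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": resource}]}

def switch_role_url(account, role):
    """Step 3: console link that pre-fills the Switch Role form."""
    return f"https://signin.aws.amazon.com/switchrole?account={account}&roleName={role}"

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def review(trust, inline, expected_role):
    """Return findings where either half of the grant is broad or mismatched."""
    findings = []
    for st in trust["Statement"]:
        principal = st.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        for p in as_list(aws):
            if p == "*":
                findings.append("trust: any AWS principal may assume the role")
            elif p.endswith(":root"):
                findings.append("trust: whole account trusted, not a single user")
    for st in inline["Statement"]:
        for r in as_list(st["Resource"]):
            if r == "*":
                findings.append("user policy: Resource is a wildcard")
            elif r != expected_role:
                findings.append(f"user policy: {r} is not the prod role")
    return findings

if __name__ == "__main__":
    user_arn = f"arn:aws:iam::{DEV_ACCOUNT}:user/{DEV_USER}"
    print(json.dumps(trust_policy(user_arn), indent=2))
    print(json.dumps(user_inline_policy(ROLE_ARN), indent=2))
    print(review(trust_policy(user_arn), user_inline_policy(ROLE_ARN), ROLE_ARN))
    print(switch_role_url(PROD_ACCOUNT, PROD_ROLE))
```

Cross-account role assumption needs both documents to allow it: the role's trust policy in prod and the user's policy in dev.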
Harish KM is a Cloud Evangelist & a Full Stack Engineer at QloudX.
He is very passionate about cloud-native solutions & using the best tools for his projects. With 10+ cloud & IT certifications, he is an expert in a multitude of application languages & is up-to-date with all new offerings & services from cloud providers, especially AWS.